Automated security privilege setting for remote system users

ABSTRACT

A method of secure communication involves determining that a remote system is trusted prior to authorizing secure communication therewith. A removable security device is coupled with a first system. When the first system communicates with a remote system securely, the remote system is evaluated to ensure that it is a trusted remote system prior to secure communication therewith being allowed.

FIELD OF THE INVENTION

The invention relates to the field of computer security and more particularly to establishing security based on access to a remote system.

BACKGROUND

With microcomputers becoming a ubiquitous part of communications, information storage, analysis and entertainment, the use of portable storage media is increasingly common. One application of portable storage media is computer security.

In using portable storage media such as smart cards, USB memory devices, key fobs, and portable hard drives for computer security, what is often done is that security processes are executed within the portable device for securing some aspect of computer functionality. A very common example is the “dongle.” A dongle is a device that couples to a computer port for enabling execution of a software application. Many expensive software applications require a dongle in order to prevent piracy thereof.

Another example is a secure storage medium. Here, data access is restricted by the portable device until some user authentication is performed. This authentication is typically managed by the device itself. As such, security for these portable devices, when self managed, is assured across platforms and systems.

Today, many systems are networked to each other via a public network such as the Internet. With access to the Internet comes access to a plethora of goods and services, from banking to entertainment to shopping. Unfortunately, where there are financial transactions, there is also an opportunity for fraud.

There are two fundamental methods for defrauding consumers using the Internet. In the first, social engineering is employed to dupe an individual out of their hard-earned money. For example, a non-existent product is sold and never shipped even though payment is received. Another form of socially engineered fraud involves asking a user for their password information in a fashion that encourages them to enter it. For example, a duplicate of a bank's web site is presented with a login page. Once the user provides their information, the fraud is perpetrated by properly logging into the banking system. Since the proper credentials are provided—user name and password—it is impossible for the bank to prevent the fraud from occurring. In a second type of fraud, adware software is employed to retrieve from computer systems data for use in perpetrating the fraud. Here passwords and user names are retrieved, for example, using a key capture Trojan that logs each keystroke and sends the log file to the perpetrator. In order to avoid this second type of fraud, two common methods are employed. In the first, a security process is executed for maintaining a system free of adware and viruses. In the second, one-time passwords (OTPs) are employed such that even with key logging, no useful information is captured.

It would be advantageous to provide a method for at least in part avoiding fraud of the above-mentioned types.

SUMMARY OF THE INVENTION

In accordance with the invention there is provided a method comprising: coupling a removable security device having therein a first security process to a first system; accessing a remote server system by at least one of the removable security device and the first system, the first remote system accessible via a network; when the first remote system is accessed, enabling the first security process to establish secure communications according to the first security process between the first system and the remote server system; and when the first remote system is other than accessible, other than enabling the first security process.

In accordance with another embodiment of the invention there is provided a method comprising: coupling a removable security device having therein a first security process to a first system; accessing a remote server system by at least one of the removable security device and an applet in execution within the first system and communicating with the removable security device, the first remote system accessible via a network; when the first remote system is accessed, enabling the first security process to establish secure communications according to the first security process between the first system and the remote server system; when the first remote system is other than accessed, preventing secure communication between the first system and the remote server system according to the first security process; and when the first remote system is accessed, performing the first security process to authenticate the security device to the remote server system, the first remote system then transmitting data to at least one of the first system and the remote server system to establish secure communications between the first system and remote server system.

In accordance with another embodiment of the invention there is provided a method comprising: coupling a removable security device having therein a first security process to a first system; accessing a first remote system by at least one of the removable security device and the first system, the first remote system accessible via a network; when the first remote system is accessed, enabling the first security process; and when the first remote system is other than accessible, other than enabling the first security process.

In accordance with another embodiment of the invention there is provided a storage medium having stored therein data, the data when executed resulting in a security method comprising: providing the coupling of a removable security device having therein a first security process to a first system; and accessing a first remote system by at least one of the removable security device and the first computer, the first remote system accessible via a network; when the first remote system is accessed, enabling the first security process; and when the first remote system is other than accessible, other than enabling the first security process.

In accordance with another embodiment of the invention there is provided a storage medium having stored therein data which when executed results in a security method comprising: providing a coupling of a removable security device having therein a first security process to a first system; loading from the removable security device an applet for execution, the applet for being loaded in response to coupling of the removable security device therewith, the applet for accessing the first remote system; accessing a first remote system by at least one of the removable security device and the first system, the first remote system accessible via a network; wherein when the first remote system is accessed, enabling the first security process; and when the first remote system is other than accessible, other than enabling the first security process.

In accordance with another embodiment of the invention there is provided a method of security comprising determining access privileges to at least one of data and processes within a removable security device, the access privileges determined by communicating with a remote system; exchanging security data between the security device and the remote system; and in dependence upon the security data exchanged, determining access privileges to at least one of data and processes within the removable security device.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the invention will now be described in conjunction with the following drawings, in which:

FIG. 1 illustrates a simplified schematic of a host computer with a peripheral memory storage device coupled thereto and networked for accessing multiple remote computer systems.

FIG. 2a is a simplified flow diagram of a method of securing access to a server relying on a password stored securely within the peripheral memory storage device.

FIG. 2b is a simplified flow diagram of a method of securing access to a server relying on a password stored securely within the peripheral memory storage device.

FIG. 3a is a simplified flow diagram of a method of securing access to a server relying on a one time password generated securely within the peripheral memory storage device.

FIG. 3b is a simplified flow diagram of a method of securing access to a server relying on a one time password generated securely within the peripheral memory storage device.

FIG. 4 illustrates an exemplary embodiment of the invention wherein a user possessing a removable peripheral memory storage device wishes to use a remote host computer to access a computer server, whose identity is securely stored on the removable peripheral memory storage device.

FIG. 5 illustrates an exemplary embodiment of the invention wherein a user possessing a removable peripheral memory storage device wishes to use a remote host computer to access a computer server, the server and host periodically re-verifying the security credentials of the user, which are securely stored on the removable peripheral memory storage device.

FIG. 6 outlines an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication to a remote computer and verification of security data.

FIG. 7 outlines an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication to a remote computer system and the identity of the computer the user is accessing from.

FIG. 8 outlines an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication to remote computer systems and the establishment of rights from the remote computer systems based upon the identity of the host system.

FIG. 9 outlines an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication to remote computer systems and the verification of security data with said remote computer(s).

FIG. 10 outlines an exemplary flow diagram wherein the access privileges of a user are established via an applet loaded for establishing communication to remote computer systems and the verification of security data.

FIG. 11 outlines an exemplary flow diagram wherein the access privileges of a user are established via an applet loaded for establishing communication to remote computer systems and the identity of the computer the user is accessing them from.

FIG. 12 outlines an exemplary flow diagram wherein the access of a user is determined by the establishment of communication to a remote computer system.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Referring to FIG. 1, shown is a simplified diagram illustrating a host computer system 101. Coupled with the host computer system is peripheral memory storage device 102. The peripheral memory storage device is capable of securing some functions either thereof or of the host computer system. Some examples of supported functions include encryption of data within the peripheral memory storage device 102, one time password generation by the peripheral memory storage device 102, and secure communication negotiation by the peripheral memory storage device 102. For example, in order to provide a security function for an application, the host computer system 101 loads an applet from the peripheral memory storage device 102 for performing a security function thereon. Here, the applet addresses the communications interfaces of the host computer 101 in order to access a communication network available thereto for communicating with the peripheral memory storage device 102.

Shown are a directly interconnected network 111 having a series of first computers 108, 109 and 110 along with first and second server systems 106, 107. Due to the direct interconnection of the network 111, its security is typically determined with ease. For example, when network 111 is within a highly secure environment the interconnects in the form of cabling comprise, for example, screened Ethernet cables. Further, security systems in the form of firewalls are interposed between the highly secure environment and a wide area network coupled therewith in the form of the World Wide Web 114.

Shown is a wireless router 103, which addresses second computer system 104 and third computer system 105 having a second portable memory storage device 122 coupled therewith. Optionally wireless router 103 also acts as a firewall for the network 111. Communication to the second and third computer systems 104 and 105 is typically considered less secure as the wireless link is subject to tapping and intercept.

The host computer system 101 interfaces with a wide area network in the form of the World Wide Web, or Internet, 114. Also shown interfacing to the World Wide Web are a fourth computer system 112 having a third portable memory storage device 132 coupled therewith and a third server 113. Communication to these systems is also typically less secure as the basic principles of the Internet allow the packets of information to be routed through any elements of the network. At any point of this wide information flow, data is accessible for illegal monitoring, sampling, and copying.

Referring to FIG. 2a, shown is a simplified flow diagram of a method of securing access to a server relying on a password stored securely within the peripheral memory storage device 102. A user attaches the peripheral memory storage device 102 to a host computer system in step 201, wherein in step 202 the host computer system identifies the peripheral memory storage device. The user, using the host computer system, accesses a secure web site such as a banking or trading web site in step 203. The host computer negotiates a secure connection with the secure web site for conducting communications, in this example financial transactions, as shown in step 204, in conjunction with the peripheral memory storage device.

The peripheral memory storage device 102, via an applet in execution within the host computer system, accesses a server in step 205, the server at a predetermined location within the network, and verifies itself to the server. If the server is not accessed in step 206 then the process moves to step 210 and no rights are granted. If the server is accessed in step 206 then the applet also acts to verify the peripheral memory storage device to the server in step 207, a verification decision being made in step 208. If the peripheral memory storage device is not verified then the process moves to step 210 and ends. Once verification is complete, the user has access to communications with the secure web site in step 209.

As is evident to those of skill in the art, a spoof web site displayed to a user to acquire their credentials will not breach security or successfully gather credentials, as they are provided to a predetermined server directly from the peripheral memory storage device 102. As such, the user is less capable of undermining security due to a fraud based on social engineering as (a) they may be unaware of their own credentials—user name and password—and (b) the credentials are not provided to any web site—they are only provided to predetermined servers. In this fashion, if a bank provides the peripheral memory storage device 102 to the user, the bank maintains control of their security passwords, processes, and servers to result in a higher level of security.

The flow diagram of FIG. 2b is a simplified diagram of a process similar to that of FIG. 2a wherein the peripheral device negotiates the secure communication with the server. A user attaches the peripheral memory storage device 102 to a host computer system in step 221, wherein in step 222 the host computer system identifies the peripheral memory storage device. Unlike the flow diagram presented supra in FIG. 2a, the peripheral device negotiates a secure connection with the secure web site for conducting communications, in this example financial transactions, as shown in step 223.

The peripheral memory storage device 102, via an applet in execution within the host computer system, accesses a server in step 224, the server at a predetermined location within the network, and verifies itself to the server. If the server is not accessed in step 225 then the process moves to step 229 and no rights are granted. If the server is accessed in step 225 then the applet also acts to verify the peripheral memory storage device to the server in step 226, a verification decision being made in step 227. If the peripheral memory storage device is not verified then the process moves to step 229 and ends. Once verification is complete, the user has access to communications with the secure web site in step 228.

Referring to FIG. 3a, shown is a simplified flow diagram of a method of securing access to a server relying on a one time password generated securely within the peripheral memory storage device 102. A user attaches the peripheral memory storage device 102 to a host computer system in step 301, whereupon it is identified by the host computer in step 302. The user, using the host computer system, accesses a secure web site such as a banking or trading web site in step 303. The peripheral device negotiates a secure connection with the secure web site for conducting communications, in this example financial transactions, in step 304.

The peripheral memory storage device 102, via an applet in execution within the host computer system, accesses a server, in step 305, at a predetermined location within the network. If the server is not accessed then the process moves to step 310, wherein no rights are granted. If the server is accessed in step 306 then the process moves to step 307 and a one time password is provided from the peripheral memory storage device to the server in verification step 307. If the peripheral device verifies itself to the server in step 308 the process moves to step 309 and communications to the server are authorized. However, a failed verification at step 308 results in the process moving to step 310, granting no rights and terminating the process. In an exemplary embodiment of step 307, the server at the predetermined network location provides a first value and the peripheral memory storage device, based on the received first value, generates a second, other value as the one time password and provides this to the server. In this way, the password, even if intercepted, is of no predictable use in the future. Preferably, the one time password is obfuscated to ensure that the one time password is not useful at present or in the future, if intercepted.
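The challenge-response exchange of step 307, as an added worked example that is not part of the patent: the server sends a random first value, the device derives the second value from it with HMAC-SHA256 over a secret the issuer provisioned onto the device, and the server recomputes and compares. HMAC-SHA256, the domain-separation label, the type and function names and the demo secret are choices of this example; the patent leaves the derivation of the second value unspecified.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// otpResponse derives the one time password from the device secret and the
// server's challenge. Both sides compute it: the device from its own secret,
// the server from the copy registered at provisioning.
func otpResponse(secret, challenge []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte("otp-response-v1:")) // domain separation; label is constructed
	mac.Write(challenge)
	return mac.Sum(nil)
}

// OTPDevice models the peripheral memory storage device 102. The secret is
// written by the issuer at provisioning and never leaves the device.
type OTPDevice struct {
	ID     string
	secret []byte
}

// Respond produces the "second value" of step 307 for the given "first value".
func (d *OTPDevice) Respond(challenge []byte) []byte {
	return otpResponse(d.secret, challenge)
}

// OTPServer is the server at the predetermined network location.
type OTPServer struct {
	secrets  map[string][]byte // registered device secrets by device id
	consumed map[string]bool   // challenges already used, to refuse replays
}

func NewOTPServer() *OTPServer {
	return &OTPServer{secrets: map[string][]byte{}, consumed: map[string]bool{}}
}

// Register stores a device's secret at provisioning time.
func (s *OTPServer) Register(id string, secret []byte) {
	s.secrets[id] = append([]byte(nil), secret...)
}

// Challenge issues the "first value": 16 fresh random bytes.
func (s *OTPServer) Challenge() ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// Verify is the decision of step 308. Each challenge is consumed on first use,
// so a response captured in transit is of no use for a later login.
func (s *OTPServer) Verify(id string, challenge, response []byte) error {
	key := string(challenge)
	if s.consumed[key] {
		return errors.New("challenge already used")
	}
	s.consumed[key] = true
	secret, ok := s.secrets[id]
	if !ok {
		return errors.New("unknown device")
	}
	if !hmac.Equal(otpResponse(secret, challenge), response) { // constant-time compare
		return errors.New("one time password rejected")
	}
	return nil
}

func main() {
	secret := []byte("constructed-device-secret-for-demo") // constructed, not a real key
	dev := &OTPDevice{ID: "device-102", secret: secret}
	srv := NewOTPServer()
	srv.Register(dev.ID, secret)

	c, err := srv.Challenge()
	if err != nil {
		panic(err)
	}
	otp := dev.Respond(c)
	fmt.Println("first use:", srv.Verify(dev.ID, c, otp)) // <nil>
	fmt.Println("replay:   ", srv.Verify(dev.ID, c, otp)) // challenge already used
}
```

The server marks a challenge consumed before it checks the response, so neither a replayed response nor a response computed for an earlier challenge is accepted; that is the property the background section's remark about OTPs defeating key logging depends on.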

As is evident to those of skill in the art, a spoof web site displayed to a user to acquire their credentials will not breach security or successfully gather credentials, as they are provided to a predetermined server directly from the peripheral memory storage device 102. As such, the user is less capable of undermining security due to a fraud based on social engineering as (a) they are unaware of a next one time password and (b) the credentials are not provided to any web site selected by the user—they are only provided to one or more predetermined servers. Optionally, server public keys are stored within the peripheral memory storage device 102 in a reliable and secure fashion to ensure that network addresses of those servers are not spoofed. In this fashion, if a bank provides the peripheral memory storage device 102 to the user, the bank maintains control of their security password generating process, communication processes, and servers to result in a higher level of security.

The flow diagram of FIG. 3b is a simplified diagram of a process similar to that of FIG. 3a wherein the peripheral device negotiates the secure communication with the server. A user attaches the peripheral memory storage device 102 to a host computer system in step 321, whereupon it is identified by the host computer in step 322. The peripheral device automatically negotiates a secure connection with the secure web site for conducting communications, in this example financial transactions, in step 323. The peripheral memory storage device 102, via an applet in execution within the host computer system, accesses a server, in step 324, at a predetermined location within the network. If the server is not accessed then the process moves to step 329, wherein no rights are granted. If the server is accessed in step 325 then the process moves to step 326 and a one time password is provided from the peripheral memory storage device to the server. If the peripheral device verifies itself to the server in step 327 the process moves to step 328 and communications to the server are authorized. However, a failed verification at step 327 results in the process moving to step 329, granting no rights and terminating the process.

Shown in FIG. 4 is an exemplary embodiment of a system and method for use therewith wherein a user possessing a removable peripheral memory storage device 402 accesses a host computer 401 to access a computer server 403, an address of which is unknown to the user but is securely stored on the removable peripheral memory storage device 402.

The user accesses the remote host computer 401 for the purposes of accessing a software application and/or computer data from a corporate network, for example. The user couples the peripheral memory storage device 402 to the host computer 401. The peripheral memory storage device 402 is identified by the host computer system, and from it an applet and a set of one or more computer server addresses are extracted, depicted at 420. The host computer 401 executes the uploaded applet, resulting in an attempt to communicate with a server 403 indicated by the address extracted from the peripheral memory storage device 402, the communication depicted at 410 and via communication path 404.

If the identified remote system is successfully contacted then the computer server 403 communicates via a security protocol at 411, for example seeking verification of security data. Exemplary forms of security data include user provided data, security data embedded into the peripheral memory storage device, and biometric validation of the user. Optionally, the peripheral memory storage device also acts to verify the remote system. For example, the applet executes within the host system to verify integrity, security, and identity thereof. Once secured, the peripheral memory storage device communicates with the remote system via, for example, a registered private key or certificate stored securely within the peripheral memory storage device to verify that the server owns the private key via a signature verification of a message sent from the server. Once completed, the remote server is verified as trusted.
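The server-verification step described above, in which the device checks that the remote system owns the registered key through a signature over a message, as an added example that is not drawn from the patent: the device issues a nonce, the server signs it with its Ed25519 private key, and the device accepts the server only if the signature verifies under the public key pinned on the device at provisioning. Ed25519, the domain-separation prefix, and all type and function names are assumptions of this example; the patent says only "private key or certificate".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// serverAuthPrefix is prepended to every nonce before signing so the server
// only ever signs device-authentication messages, never an arbitrary
// message of someone else's choosing. The label itself is constructed.
const serverAuthPrefix = "remote-server-auth-v1:"

// TrustedServer holds the private key. The matching public key is what the
// issuer writes into the peripheral memory storage device at provisioning.
type TrustedServer struct{ priv ed25519.PrivateKey }

func NewTrustedServer() (*TrustedServer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &TrustedServer{priv: priv}, pub, nil
}

// ProveIdentity signs the device's nonce, demonstrating possession of the
// private key that corresponds to the registered public key.
func (s *TrustedServer) ProveIdentity(nonce []byte) []byte {
	return ed25519.Sign(s.priv, append([]byte(serverAuthPrefix), nonce...))
}

// PinnedDevice stores the registered server public key and the nonce it last
// issued; it accepts a server only for a signature over that exact nonce.
type PinnedDevice struct {
	pinned  ed25519.PublicKey
	pending []byte
}

// NewNonce issues a fresh 32-byte nonce for the server to sign.
func (d *PinnedDevice) NewNonce() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	d.pending = n
	return n, nil
}

// VerifyServer is the trust decision of FIG. 4: the remote system is trusted
// only if its signature over the outstanding nonce verifies under the pinned
// key. The nonce is single use, so an old proof cannot be replayed.
func (d *PinnedDevice) VerifyServer(sig []byte) error {
	if d.pending == nil {
		return errors.New("no outstanding nonce")
	}
	msg := append([]byte(serverAuthPrefix), d.pending...)
	d.pending = nil
	if !ed25519.Verify(d.pinned, msg, sig) {
		return errors.New("server did not prove possession of the registered key")
	}
	return nil
}

func main() {
	genuine, pub, err := NewTrustedServer()
	if err != nil {
		panic(err)
	}
	dev := &PinnedDevice{pinned: pub} // provisioned with the genuine public key

	n, _ := dev.NewNonce()
	fmt.Println("genuine server:", dev.VerifyServer(genuine.ProveIdentity(n))) // <nil>

	spoof, _, _ := NewTrustedServer() // a different key pair stands in for a spoofed server
	n, _ = dev.NewNonce()
	fmt.Println("spoof server:  ", dev.VerifyServer(spoof.ProveIdentity(n)))
}
```

Because the device compares against a key it already holds rather than one the server presents, a spoofed server at the right network address still fails: it cannot produce a signature under the registered key, which is the point the passage makes about the stored address and key being the root of trust.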

Once the security data is validated, the peripheral memory storage device is activated to provide enhanced functionality based on the validation. When the server is unreachable or when the security data is other than validated, the enhanced functionality is other than available. Optionally, the enhanced functionality includes providing user authorization data to the server to enable communications either between the remote host computer and the server or between the remote host computer and another server.

Referring to FIG. 5, shown is an exemplary embodiment wherein a user possessing a removable peripheral memory storage device 502 wishes to use host computer 501 to access a remote computer server 503, the remote computer server 503 and host computer 501 periodically re-verifying the communication therebetween. In the exemplary embodiment the user couples the peripheral memory storage device 502 to the host computer 501. The removable peripheral memory storage device 502 is identified by the host computer 501, and from it an applet and a set of one or more remote computer server identities are extracted at first transfer 520. The host computer 501 executes the uploaded applet, causing it to attempt to access one or more remote computer servers 503 based on the identifier(s) extracted from the removable peripheral memory storage device 502, represented at first communication 510.

If the identified remote computer server 503 is successfully contacted, then the remote computer server 503 communicates via a security protocol, shown at second communication 511, for example seeking verification of security data embedded into the peripheral memory storage device, shown as second transfer 530. Exemplary other forms of security data include user provided data, security data, and biometric validation of the user.

Once the security data is validated, the removable peripheral memory storage device 502 is activated to provide enhanced functionality based on the validation. Alternatively, once the security data is validated, the server is activated to provide enhanced functionality based on the validation. Further alternatively, once the security data is validated, another server that is in communication with the server is activated to provide enhanced functionality based on the validation. When the server is unreachable or when the security data is other than validated, the enhanced functionality is other than available.

After a prescribed period, denoted in the figure as Δt, the peripheral storage device requests at third communication 512 to establish a re-verification of the security data from the remote computer server 503. The third communication 512 causes the host computer 501 to communicate with the remote computer server 503, triggering fourth communication 513 and third transfer 540. The re-verification of the security data re-occurs for each incremental time period Δt such that for the Nth re-verification the elapsed time is N*Δt, where N is a positive integer, until either the re-verification process fails or the user logs out of the application or data access. Such an Nth re-verification is shown by fifth and sixth communications between the host computer 501 and remote computer server 503, and fourth transfer 550. Thus, enhanced peripheral device functionality of removable peripheral memory storage device 502 is maintained so long as the communication and validation with the remote computer server 503 is maintained.

It would be evident to someone skilled in the art that the “user session” is optionally terminated automatically for other reasons, examples being that the elapsed time N*Δt exceeds a prescribed limit, or that the fee charged for access on a per unit time basis exceeds a credit limit on the system in question.

Optionally, the enhanced functionality includes providing user authorization data to the server to enable communications either between the remote host computer and the server or between the remote host computer and another server. When this is the case, the peripheral storage device 502 re-authenticates to the server 503 periodically to maintain the enabled communications.
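The Δt re-verification loop of FIG. 5 as an added example, not code from the patent: a session holds enhanced functionality only while each re-verification at N*Δt succeeds, and revokes it on the first failure, on user logout, or when N exceeds a limit (the prescribed limit on N*Δt mentioned above). The re-verifier is injected as a function and the current time is passed in explicitly so the logic is deterministic; the Session type, its fields, and the 10 s Δt used in main are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Reverifier re-runs the security-data check against the remote computer
// server (communications 512/513 and transfer 540 in FIG. 5) and reports
// whether it passed.
type Reverifier func() bool

// Session tracks whether the enhanced functionality of the peripheral memory
// storage device is currently enabled for one user session.
type Session struct {
	dt       time.Duration // Δt between re-verifications
	maxN     int           // upper bound on N; 0 means no limit
	lastOK   time.Time     // instant of the most recent successful verification
	n        int           // number of re-verifications performed so far
	enhanced bool
	reverify Reverifier
}

// OpenSession performs the initial verification at time now. Enhanced
// functionality is granted only if it passes.
func OpenSession(now time.Time, dt time.Duration, maxN int, rv Reverifier) *Session {
	s := &Session{dt: dt, maxN: maxN, lastOK: now, reverify: rv}
	s.enhanced = rv()
	return s
}

// Enhanced reports whether enhanced functionality is available at time now.
// Every full Δt elapsed since the last success triggers one re-verification;
// the first failure, or exceeding the N*Δt limit, revokes the functionality
// and it is never re-granted within this session.
func (s *Session) Enhanced(now time.Time) bool {
	if !s.enhanced {
		return false
	}
	for now.Sub(s.lastOK) >= s.dt {
		s.n++
		if s.maxN > 0 && s.n > s.maxN {
			s.enhanced = false // elapsed time N*Δt exceeds the prescribed limit
			return false
		}
		if !s.reverify() {
			s.enhanced = false // re-verification with the server failed
			return false
		}
		s.lastOK = s.lastOK.Add(s.dt)
	}
	return true
}

// Logout ends the session explicitly, as when the user logs out.
func (s *Session) Logout() { s.enhanced = false }

func main() {
	serverUp := true
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed start time
	s := OpenSession(t0, 10*time.Second, 0, func() bool { return serverUp })
	fmt.Println("t+5s: ", s.Enhanced(t0.Add(5*time.Second)))  // true: no re-verification due yet
	fmt.Println("t+10s:", s.Enhanced(t0.Add(10*time.Second))) // true: N=1 passed
	serverUp = false                                         // server becomes unreachable
	fmt.Println("t+25s:", s.Enhanced(t0.Add(25*time.Second))) // false: N=2 failed, revoked
	fmt.Println("t+26s:", s.Enhanced(t0.Add(26*time.Second))) // false: stays revoked
}
```

Revocation is sticky: once a re-verification fails the session does not silently recover when the server comes back, which matches the passage's statement that functionality is maintained only so long as communication and validation are maintained.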

Shown in FIG. 6 is an exemplary flow diagram wherein access privileges are dependent upon establishment of communications with a remote computer system and optional verification of security data.

A peripheral memory storage device is coupled to a host system in step 601. The peripheral memory storage device is identified by the host computer system, step 602, and from it a set of one or more remote computer system identities are retrieved in step 603. These identities are optionally stored within the peripheral memory storage device in a manner whereby they are secure, and further are optionally hidden from access via normal access commands of the peripheral memory storage device. These remote computer system identities are typically IP protocol sequences. Alternatively, they comprise public keys, private keys, and/or X509 certificates.

For the first identity, an attempt is made at accessing an associated remote computer system via a network interface of the host computer system in step 604. Sometimes this requires sequential accessing of multiple network interfaces, as computers are optionally coupled simultaneously to multiple direct physical networks, for example via Ethernet, wireless interfaces, and the World Wide Web.

Should the first identified remote system not be accessible at step 605, then the process moves to step 606 wherein the process determines if the last remote computer system identity has been retrieved. If the last remote computer system identity was not accessible then the process moves to step 612 and ends. If, however, the remote computer system identity that could not be accessed in step 606 was not the last remote computer system identity then the process returns to step 604 and addresses the next remote computer system identity within the list, and thence proceeds to step 605 again.

When an identified remote computer system is successfully contacted then a security protocol is initiated, for example seeking verification of security data. As shown, this begins with downloading security data from the contacted external system in step 607. Optionally, the peripheral memory storage device also acts to verify the remote system. For example, the applet executes within the remote system or alternatively within the peripheral memory storage device to verify integrity, security, and identity thereof. Exemplary forms of security data include user provided data, security data embedded into the peripheral memory storage device, and biometric validation of the user. Optionally, security data is required at the peripheral memory storage device in order to initiate the security protocol.

At step 608 the process determines whether the security data provided from the contacted remote computer system is valid. If the check is not valid then the process moves to step 606 and determines whether another remote computer system identity exists to contact. If the validity is confirmed then the process may proceed firstly to step 609 wherein the peripheral memory storage device is activated to provide enhanced functionality based on the validation. Alternatively, the process moves to step 610 wherein the user rights are transmitted to the remote computer system, which is activated to provide functionality based on validation of the peripheral memory storage device, and granted full rights in step 611. Alternatively, the security protocol involves the remote computer system providing data for provision to the peripheral memory storage device and is absent a step of validation. Further alternatively, the peripheral memory storage device performs the step of validating data received from the remote computer system.

Shown in FIG. 7 is an exemplary flow diagram wherein access privilegesof a user are determined by establishing communication with a remotecomputer system and identification of a host computer system from whichthe user is accessing the remote computer system.

A peripheral memory storage device is coupled to the host computersystem in step 701. The peripheral memory storage device is identifiedby the host computer system at step 703 and a remote computer identityis extracted therefrom in step 703. This identity is optionally storedwithin the peripheral memory storage device in a manner whereby it issecure, and further is optionally hidden. The remote computer systemidentity comprises IP protocol sequences or alternatively a specificserver or computer identity of a different format.

The host computer then with the identity of the remote system uses thenetwork interfaces of the host computer system to attempt communicationwith said remote system at step 704. Optionally sequential accessing ofmultiple network interfaces is performed as sometimes computers areconnected simultaneously to multiple direct physical networks as well asaccessing other networks via wireless interfaces and the World Wide Web.A determination step 705 establishes whether the remote system has beencontacted. If the first identified remote system is not be contactedthen the user is granted no access rights in step 711. Optionally, theuser may be granted limited rights rather than none.

If, however, the identified remote system is contacted then the process moves to step 705, and the remote system triggers a security protocol download and establishes secure communications between the remote system and the host system. Upon completion of the security protocol setting, the identity of the host system is communicated to the remote system in step 707. Upon receipt of the host computer identity the remote system performs a look-up operation of the host location in step 708. Based upon the location, the process looks up the identified host location against an active rights matrix and determines the user's rights in step 710.

These user rights are then communicated back to the host computer, wherein they may be stored locally on the host or within the peripheral memory storage device. Shown in the exemplary embodiment are three user rights levels granted by the remote system to the user attached to the host. The first of these is “NONE”, wherein the user is granted no rights; examples of location look-ups yielding this result include, but are not limited to, determining that access is being made from networks hosted in countries which the user's corporation considers insecure, or that it has been routed via a network known to be insecure. Accordingly the process moves to step 711.

The second of these is “MEDIUM”, wherein the user is granted limited access to the host in step 715 and restricted rights in step 714. Such restricted rights might be applied for a user accessing a system that is not part of the corporate physical infrastructure; hence the user is granted, for example, access to email services, but is prevented from accessing corporate databases.

The third exemplary rights level is “HIGH”, wherein the user is given authorization to the host in step 713 and is granted full rights in step 712. Here, examples of look-ups resulting in “HIGH” include the user accessing a corporate headquarters remote system from a branch office of the corporation. It would be understood by one skilled in the art that there are numerous degrees of access rights that could be granted to a user, both as broad privileges and also wherein the rights are varied according to the applications accessible by the user.

Shown in FIG. 8 is an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication with remote computer systems and the establishment of rights from the remote computer systems based upon the identity of the host system.

As a first step in the exemplary process a peripheral memory storage device is coupled to the host system in step 801. The peripheral memory storage device is identified by the host computer system at step 802, and from it a set of remote computer identities is extracted, along with requirements for remote system contacts, in step 803. These identities are optionally stored within the peripheral memory storage device in a manner whereby they are secure, and further are optionally hidden from normal accessing of the peripheral memory storage device. These remote computer system identities are typically IP protocol sequences, but optionally are specific server or computer identities of a different format.

The host computer uses the network interfaces of the host computer system to attempt communication with the first remote system identity from the remote system identities list at step 806. This optionally involves the sequential accessing of multiple network interfaces, as computers are sometimes connected to multiple networks both directly and indirectly. At step 807 the process determines whether the remote system has been contacted or not. Should the first identified remote system not be contacted then the host proceeds to step 813 to determine whether the remote system identity currently employed is the last within the extracted set of remote computer identities. If it is not then the process moves to step 814, wherein the next identity is loaded, and the process returns to step 805 and repeats the attempt to contact a remote host with the next remote system identity.

If, however, the identified remote system is contacted then the process moves to step 807, and the remote system triggers a security protocol download and establishes secure communications between the remote system and the host system. Upon completion of the security protocol setting, the identity of the host system is communicated to the remote system in step 808. Upon receipt of the host computer identity the remote system performs a look-up operation of the host location in step 809. This location is then compared against an active rights matrix that establishes the user's rights in step 810. These rights are then sent to the host computer and temporarily stored either local to the host computer or on the peripheral memory storage device at step 811. The process now moves to step 813 to determine whether any other remote systems remain to be contacted. Upon determining that more identities exist, the process loops back via step 814 as discussed supra.

If a further remote system is not required then the flow jumps directly to defining overall access rights at step 814. The result of the preceding process flow is to sequentially attempt contact with all remote computers within the set of identities extracted and to establish, for each successful contact, the rights associated with it. Establishing the overall user rights within this exemplary embodiment consists of looking for the remote system providing the highest access privileges and thereby allowing the user to work in communication solely with this remote system. Alternatively, the rights may be established by taking multiple privileges such that different remote systems are accessed according to application or activity. Optionally, the user may require multiple high level user rights before they can access one or more remote systems.

Shown in the exemplary embodiment are three user rights levels granted to the user attached to the host, determined from step 815. The first of these is “NONE”, wherein the user is granted no rights and the process moves to step 819 and terminates. The second is “MEDIUM”, wherein the user is granted restricted rights in step 818, and finally the third exemplary rights level is “HIGH”, wherein the user is given full rights in step 817, having established an authorized host at step 816. It would be understood by one skilled in the art that there are numerous degrees of access rights that could be granted to a user, both as broad privileges and also wherein the rights are varied according to the applications accessible by the user.

Shown in FIG. 9 is an exemplary flow diagram wherein the access privileges of a user are determined by the establishment of communication with remote computer systems and the verification of security data with said remote computer(s).

As a first step 901 in the exemplary process a peripheral memory storage device is coupled to the host system. The peripheral memory storage device is identified at step 902 by the host computer system, and from it a set of remote computer identities is extracted, along with requirements for remote system contacts, at step 904. These identities are optionally stored within the peripheral memory storage device in a manner whereby they are secure, and are optionally hidden from normal accessing of the peripheral memory storage device.

The host computer then takes the first remote system identity in step 904 from the remote system identities list and uses the network interfaces of the host computer system to attempt communication with said remote system in step 905. Of course, once the applet is in execution on the host system, it is able to monitor host system activity through process 906 and, as such, when a user of the host system accesses a server, the applet optionally detects the access attempt automatically and then establishes a secure communication channel by downloading a security protocol in step 908 and verifying security data in step 909. If the verification in step 909 is accepted then this verification is stored by the host in process 912 and the flow proceeds to step 911. If the verification of step 909 fails then the process moves directly to step 911. Failure to detect a successful contact in process 906 also moves the process directly to step 911.

In step 911 the process determines whether additional remote computer system identities exist to contact. If so, the process moves to step 908, loads the next identity and returns to step 905 to attempt contact with this next system. If the process determines that no other identities remain to be contacted then the process moves to step 913 and determines the overall rights. It would be apparent that the above process loop allows the process to store successful verification data for each contacted remote system.

At this point, step 913, the overall user rights are established based upon the security verifications completed and the requirements loaded from the peripheral memory storage device. As outlined supra, this could be as simple as achieving security verification with a single remote system, or as complicated as requiring security verification with all remote systems in the identity list loaded from the peripheral memory storage device. Optionally, the verification of each remote system is required for a different application of the user and, as such, is optionally performed independently of the others.

Shown in the exemplary embodiment are three user rights levels granted to the user attached to the host, determined in step 916 from the result of prior process step 913. The first of these is “NONE”, wherein the user is granted no rights and the process moves to step 917 and terminates. The second path is “MEDIUM”, wherein the user is granted restricted rights in process step 918. Finally, the third exemplary rights level is “HIGH”, wherein the host is authorized in step 915 and the user is given full rights in step 916. It would be understood by one skilled in the art that there are numerous degrees of access rights that could be granted to a user, both as broad privileges and also wherein the rights are varied according to the applications accessible by the user. Alternatively, access privileges are stored securely within the peripheral memory storage device and form objects or functions accessible from within the peripheral memory storage device once it is authenticated to a server.

Shown in FIG. 10 is an exemplary flow diagram wherein the access privileges of a user are established via an applet loaded for establishing communication with remote computer systems and the verification of security data.

A peripheral memory storage device is coupled to the host system in step 1001. The peripheral memory storage device and host system identify each other at step 1002. This interchange triggers an applet to be loaded in step 1003, either onto the host system or internally to the peripheral memory storage device. Examples of potential applications for internally running the applet include the connection of a USB memory stick to a mobile telephone for the transfer of video, text documents or photographs, an MP3 player to a mobile telephone for downloading music, or even a digital camera to a telephone to provide video conferencing. Many other applications exist for such interfacing of electronic devices together wherein one provides a network interface.

Once loaded, the applet causes a remote computer identity to be loaded, step 1004, from the peripheral memory storage device. The remote computer identity is optionally stored within non-volatile memory of the peripheral memory storage device in a manner whereby it is secure, and further is optionally hidden from normal accessing of the peripheral memory storage device. This remote system identity is loaded in step 1005 and then used by the applet in accessing the network interfaces of the host system to attempt communication with said remote system at step 1006.

Should the identified remote system not be contacted, as determined in step 1007, then the process moves to step 1014, wherein no rights are granted and the process terminates. If, however, the identified remote system is contacted then the process moves to step 1008, and the remote system triggers a security protocol download, thereby establishing secure communications between the remote system and the host system. Alternatively, secure communication is established between the remote system and the device. Upon completion of the security protocol, a security verification step is undertaken at step 1009. This verification could, for example, include the user providing said security data, extraction of security data embedded in the peripheral memory storage device, and even biometric validation of the user. If verification is not completed, the process moves to step 1012 and terminates. If verification is completed successfully then this fact is stored by the host computer and user access privileges are established from the remote system. Alternatively, instead of access privileges being provided from a server, the device has the access privileges stored internally in a secure fashion and, upon authentication, provides and enforces the access privileges locally. Within this exemplary process flow the successful verification results in the process moving forward to step 1010, the host computer identity and location being sent to the remote system, and the access privileges being determined in step 1011.

Shown in the exemplary embodiment are three user rights levels granted to the user. The first of these is “NONE”, wherein the user is granted no rights, such that the process flow moves from step 1011 to step 1012 and terminates. The second rights level is “MEDIUM”, wherein the user is granted restricted rights at step 1013, and finally the third exemplary rights level is “HIGH”, wherein the user is given full rights in step 1012. It would be understood by one skilled in the art that there are numerous degrees of access rights that could be granted to a user, both as broad privileges and also wherein the rights are varied according to the applications accessible by the user.

Shown in FIG. 11 is a simplified flow diagram wherein access privileges of a user are established via an applet loaded for establishing communication with remote computer systems and the identity of the host computer.

A peripheral memory storage device is coupled to the host system at step 1101. The peripheral memory storage device and host system identify each other in step 1102. This interchange triggers an applet to be executed at step 1103, either on the host system or internally to the peripheral memory storage device. Examples of potential applications for internally running the applet include the connection of a USB memory stick to a mobile telephone for the transfer of video, text documents or photographs, an MP3 player to a mobile telephone for downloading music, or even a digital camera to a telephone to provide video conferencing. Many other applications exist for such interfacing of electronic devices together wherein one provides a network interface.

Once loaded, the applet causes a set of remote computer identities to be loaded in step 1104, where these are optionally temporarily stored within the host system or the peripheral memory storage device. The remote computer identities are optionally stored for long-term use within the peripheral memory storage device in a manner whereby they are secure, and further are optionally hidden from normal accessing of the peripheral memory storage device. The first remote system identity is loaded in step 1105 and used by the applet in accessing the network interfaces of the host system to attempt communication with said remote system at step 1106.

Should the first identified remote system not be contacted then the host moves to step 1113 and returns to the extracted list of system identities to determine whether the identity attempted is the last in the list. If not, then the next identity is extracted in step 1114, and the host computer repeats the attempt to contact a remote host with the next remote system identity back at step 1106. If, however, the identified remote system is contacted then the process moves forward to step 1108 and the remote system triggers a security protocol download, thereby establishing secure communications between the remote system and the host system.

Upon completion of the security protocol setting, the identity and location of the host system are communicated to the remote system at step 1109. Upon receipt of the host computer identity, the remote system performs a look-up operation of the host location against the active rights matrix and establishes the user's rights in step 1110. These rights are then sent to the host computer and temporarily stored either local to the host computer or on the peripheral memory storage device at step 1111.

The host computer now decides in step 1112, using the requirements previously loaded from the peripheral memory storage device in step 1104, whether it is necessary to contact a further remote system. If it is, the process moves to step 1114 and determines whether a further remote system identity exists. In this process loop, when each next remote system is contacted and communications are established, a further set of user rights is transferred to the host computer and stored together with the previous set or sets in step 1111.

The host computer continues through the list of computer identities until either the requirements for remote system contact have been met, as determined in step 1112, or all remote system identities in the list have been processed and communication attempts completed. In either case the process moves to step 1115, and at this point the overall user rights are established. As with previous exemplary embodiments, the establishment of the overall rights may be as simple as looking for the remote system providing the highest access privileges and thereby allowing the user to work in communication solely with this remote system, or may take multiple privileges such that different remote systems are accessed according to application or activity. It is also feasible that, for example, multiple high level user rights might be required before the user can access one or more remote systems. The process then moves to step 1116 with the overall rights and determines the access.

Shown in the exemplary embodiment are three user rights levels granted to the user attached to the host. The first of these is “NONE”, wherein the process moves to step 1120 and the user is granted no rights. The second is “MEDIUM”, wherein the process moves to step 1119 and the user is granted restricted rights. Finally, the third exemplary rights level is “HIGH”, wherein the process proceeds to step 1117 with the host being authorized and the user being given full rights in step 1118. It would be understood by one skilled in the art that there are numerous degrees of access rights that could be granted to a user, both as broad privileges and also wherein the rights are varied according to the applications accessible by the user.
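The loop shared by FIGS. 8, 9 and 11 (walk the identity list read from the device, try each network interface in turn, record one grant per remote that could be contacted, stop early once the requirements loaded from the device are satisfied, and then combine the grants under one of the three policies the text names) is shown below as an added example in Python. It is not code from the patent. The identities, addresses, host locations, rights matrix and network topology are constructed for the demonstration, and `Rights`, `collect_rights`, `try_contact` and the three `overall_*` policy functions are names chosen here; the remote's own check of the host is reduced to a location look-up so that the combination logic stays in view.

```python
"""Added example: the multi-remote rights loop of FIGS. 8, 9 and 11.
All data here is constructed for illustration; this is not the patent's code."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, Iterable, List, Optional, Tuple


class Rights(IntEnum):
    """The three levels the embodiments name; the ordering lets max() pick the top grant."""
    NONE = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class RemoteIdentity:
    name: str
    address: str      # the "IP protocol sequence" read from the device (constructed)
    application: str  # activity this remote serves; hypothetical field used by policy 2


# Constructed active rights matrix (steps 809/810, 1110): host location -> rights.
RIGHTS_MATRIX: Dict[str, Rights] = {
    "hq-lan": Rights.HIGH,
    "branch-office": Rights.HIGH,
    "home-isp": Rights.MEDIUM,
    "insecure-country": Rights.NONE,
}


def remote_lookup(host_location: str) -> Rights:
    """Grant a contacted remote returns for the host location it was told.
    An unknown location falls through to NONE (default deny)."""
    return RIGHTS_MATRIX.get(host_location, Rights.NONE)


def try_contact(identity: RemoteIdentity, interfaces: Iterable[str],
                reachable: Callable[[str, str], bool]) -> bool:
    """Steps 806/1106: try each network interface until one reaches the remote."""
    return any(reachable(iface, identity.address) for iface in interfaces)


Granted = Dict[RemoteIdentity, Rights]


def collect_rights(identities: List[RemoteIdentity], interfaces: List[str],
                   reachable: Callable[[str, str], bool], host_location: str,
                   stop_when: Optional[Callable[[Granted], bool]] = None) -> Granted:
    """Steps 806-814 / 1106-1114: one grant per contacted remote. `stop_when` is the
    step 1112 check: once the device's requirements are met, contact no further remote."""
    granted: Granted = {}
    for ident in identities:
        if not try_contact(ident, interfaces, reachable):
            continue  # unreachable: move to the next identity, store nothing
        granted[ident] = remote_lookup(host_location)  # steps 808-811
        if stop_when is not None and stop_when(granted):
            break
    return granted


def overall_highest(granted: Granted) -> Tuple[Rights, Optional[RemoteIdentity]]:
    """Policy 1: work solely with the remote that granted the most privilege."""
    if not granted:
        return Rights.NONE, None
    ident, rights = max(granted.items(), key=lambda kv: kv[1])
    return (rights, ident) if rights > Rights.NONE else (Rights.NONE, None)


def overall_per_application(granted: Granted) -> Dict[str, Rights]:
    """Policy 2: keep every grant, keyed by the application each remote serves."""
    return {ident.application: rights for ident, rights in granted.items()}


def overall_require_all_high(granted: Granted, required: Iterable[RemoteIdentity]) -> Rights:
    """Policy 3: full rights only when every required remote granted HIGH."""
    if all(granted.get(ident, Rights.NONE) == Rights.HIGH for ident in required):
        return Rights.HIGH
    return Rights.NONE


# Constructed demonstration data.
IDENTITIES = [
    RemoteIdentity("mail-gw", "10.0.1.5", "email"),
    RemoteIdentity("db-gw", "10.0.2.9", "database"),
    RemoteIdentity("legacy", "192.0.2.40", "archive"),
]


def demo_reachable(iface: str, address: str) -> bool:
    """Constructed topology: mail-gw on any interface, db-gw only over the VPN,
    the legacy address dead everywhere."""
    return address == "10.0.1.5" or (iface == "vpn" and address == "10.0.2.9")


def run_demo(host_location: str):
    granted = collect_rights(IDENTITIES, ["eth0", "vpn"], demo_reachable, host_location)
    return (overall_highest(granted),
            overall_per_application(granted),
            overall_require_all_high(granted, IDENTITIES[:2]))


if __name__ == "__main__":
    for loc in ("branch-office", "home-isp", "insecure-country"):
        print(loc, run_demo(loc))
```

The unreachable `legacy` remote never appears in the grants, so it can neither raise nor lower the outcome; an unknown host location is treated as NONE rather than as an error, which is the safe default for a rights matrix.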

Shown in FIG. 12 is an exemplary flow diagram wherein access of a user is determined by establishing communication with a remote computer system and identification of the host computer system from which the user is accessing the remote computer system.

A peripheral memory storage device is coupled to the host computer system in first step 1201, wherein the peripheral memory storage device is identified by the host computer system in step 1202 and a remote computer identity is extracted therefrom at step 1203. This identity is optionally stored within the peripheral memory storage device in a manner whereby it is secure, and further is optionally hidden. The remote computer system identity comprises IP protocol sequences or, alternatively, a specific server or computer identity of a different format.

The host computer then, with the identity of the remote system, uses the network interfaces of the host computer system to attempt communication with said remote system in step 1204. Optionally, sequential accessing of multiple network interfaces is performed, as computers are sometimes connected simultaneously to multiple direct physical networks as well as accessing other networks via wireless interfaces and the World Wide Web. If the identified remote system cannot be contacted, as determined at decision process 1205, then the user is granted limited or no access rights, and the process moves to step 1209 and terminates.

If, however, the identified remote system is contacted then the remote system triggers a security protocol download at step 1206 and establishes secure communications between the remote system and the host system. Upon completion of the security protocol setting, the identity of the host system is communicated to the remote system in step 1207 and the host location is established in step 1208, whereupon the remote system performs a look-up operation of the host location against the active rights matrix and establishes the communication rights in step 1209.

The determined access rights are used in process step 1210 to establish the user rights. As shown within the exemplary process flow, two rights levels are available. The first of these is “NONE”, wherein no rights are granted and the process moves to step 1209. The second rights level is “GRANT”, wherein the host computer is authorized at step 1211 by the remote system and the user is then granted full rights in step 1212. These rights are then supported in communication between the host computer and the remote computer. Alternatively, the remote computer may establish these rights for communications between the host computer and a known remote server, wherein the known remote server is remote to both the host and remote computers.

Though several of the embodiments described herein involve a list of remote computers, they are also applicable to situations involving remote servers and remote gateways, and to situations wherein only a single entity is identified for remote access or a plurality of entities is identified.

Though the embodiments described herein involve a computer for communication with the host system and another remote computer for communication with the peripheral memory storage device, these computers are optionally one and the same system. Thus, either the peripheral memory storage device accesses the server prior to the host system being provided access thereto, or, when the host system attempts to access the server, the peripheral memory storage device negotiates a secure connection therewith prior to providing the host system access to the server. For example, a web site associated with an on-line financial institution must first be trusted by the peripheral memory storage device before the peripheral memory storage device releases information to it. Without such trust establishment the peripheral memory storage device functionality is limited and does not allow, for example, account information to be transmitted to the remote system. Of course, where information within the peripheral memory storage device is required for secure communication with the web site, a lack of “trust” results in a failed communication attempt. Effectively, this limits the effectiveness of many forms of intrusion, including some types of phishing, some types of Trojans, and many other forms of hacking.
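The trust check described in the paragraph above (the device validates the security data a remote presents, steps 608 and 909, before it releases anything) and the one-time password of claim 37 (generated in dependence upon a code received from the remote system) are shown together below as an added example in Python; it is not the patent's code, and the message shapes are this example's own choice. The device holds, per remote identity, a shared secret that is assumed to have been provisioned out of band; the remote proves knowledge of that secret with an HMAC over both sides' nonces, and only then does the device answer with the user identifier and an OTP bound to the remote's code. A site that copies the trusted identity string but lacks the secret gets nothing, which is the phishing case the text mentions. Names such as `SecurityDevice`, `RemoteSystem`, `PhishingSite` and `DEVICE_KEY` are hypothetical.

```python
"""Added example: device-side validation of a remote before release, plus a
challenge-bound one-time password. Constructed for illustration; not the patent's code."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so (a, bc) and (ab, c) differ."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def _otp(key: bytes, user_id: str, code: bytes) -> str:
    """Six-digit OTP derived from the code the remote sent (claim 37 style)."""
    mac = _mac(key, b"otp", user_id.encode(), code)
    return "%06d" % (int.from_bytes(mac[:4], "big") % 1_000_000)


class RemoteSystem:
    """Server side: holds the shared secret for its own identity (assumed provisioned)."""
    def __init__(self, identity: str, key: bytes):
        self.identity = identity
        self._key = key
        self._code = b""

    def challenge(self) -> Tuple[str, bytes]:
        self._code = secrets.token_bytes(16)  # fresh code each session, defeats OTP replay
        return self.identity, self._code

    def prove(self, device_nonce: bytes) -> bytes:
        """Security data the device validates (step 608 / 909)."""
        return _mac(self._key, b"server", self.identity.encode(), device_nonce, self._code)

    def verify_otp(self, user_id: str, otp: str) -> bool:
        return hmac.compare_digest(_otp(self._key, user_id, self._code), otp)


class PhishingSite(RemoteSystem):
    """Spoofs a trusted identity string but holds no shared secret."""
    def __init__(self, identity: str):
        super().__init__(identity, secrets.token_bytes(32))


class SecurityDevice:
    """Removable device: identities and keys never leave it; nothing is released
    to a remote until that remote's proof validates."""
    def __init__(self, trusted: Dict[str, bytes], user_id: str):
        self._trusted = dict(trusted)
        self._user_id = user_id
        self.activated = False  # step 609: enhanced functionality unlocked

    def connect(self, remote: RemoteSystem) -> Optional[Tuple[str, str]]:
        identity, code = remote.challenge()
        key = self._trusted.get(identity)
        if key is None:
            return None  # identity not stored on the device: no secure channel
        device_nonce = secrets.token_bytes(16)
        expected = _mac(key, b"server", identity.encode(), device_nonce, code)
        if not hmac.compare_digest(expected, remote.prove(device_nonce)):
            return None  # invalid security data: release nothing
        self.activated = True
        return self._user_id, _otp(key, self._user_id, code)


def session(device: SecurityDevice, remote: RemoteSystem) -> str:
    """Run one exchange and report how it ended."""
    released = device.connect(remote)
    if released is None:
        return "refused"  # the device released no user data at all
    user_id, otp = released
    return "granted" if remote.verify_otp(user_id, otp) else "otp-rejected"


# Constructed demonstration; DEVICE_KEY is a placeholder, not a real secret.
DEVICE_KEY = bytes(range(32))


def demo() -> Dict[str, str]:
    trusted = {"bank.example": DEVICE_KEY}
    return {
        "genuine": session(SecurityDevice(trusted, "alice"), RemoteSystem("bank.example", DEVICE_KEY)),
        "phishing": session(SecurityDevice(trusted, "alice"), PhishingSite("bank.example")),
        "unlisted": session(SecurityDevice(trusted, "alice"), RemoteSystem("other.example", DEVICE_KEY)),
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the device's nonce is mixed into the proof so a recorded proof cannot be replayed against it later, and the comparison uses `hmac.compare_digest` so the device's decision does not leak through timing.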

The exemplary embodiments described above are also implementable using tokens, dongles, and smartcards, which along with peripheral memory storage devices are referred to herein and in the claims that follow as removable security devices. Numerous other embodiments may be envisaged without departing from the spirit or scope of the invention.

1-32. (canceled)
33. A method comprising: determining access privileges to at least one of data and processes within a security device by: communicating with a remote system; exchanging security data between the security device and the remote system; and in dependence upon the security data exchanged, determining access privileges to at least one of data and processes within the security device.

34. A method according to claim 33 wherein, the security device comprises at least one of a peripheral memory storage device and a memory storage device.

35. A method according to claim 33 wherein, an identifier of the remote system is stored within the security device.

36. A method according to claim 33 wherein, exchanging the security data comprises exchanging the security data at least in dependence upon an authorization process for authorizing at least one of the security device to the remote system and the remote system by the security device.

37. A method according to claim 36 wherein, the authorization process comprises at least one of generating a one time password, receiving a code from the first remote system and generating a one time password in dependence upon the code, providing a user authentication to the removable security device, and providing user identification data and user authorization data from the removable security device to the first remote system.

38. A method according to claim 36 wherein, the authorization process comprises providing authorization data from the security device to the remote server system, the authorization data stored within the security device in a secure fashion and transmitted therefrom in an obfuscated fashion for preventing deciphering thereof.

39-70. (canceled)

71. A non-volatile computer readable medium having code stored thereon, wherein execution of the code by a suitable computing device results in a method of determining access privileges to at least one of data and processes within a security device, the method comprising: communicating with a remote system; exchanging security data between the security device and the remote system; and in dependence upon the security data exchanged, determining access privileges to at least one of data and processes within the security device.

72. A medium according to claim 71 wherein, the security device comprises at least one of a peripheral memory storage device and a memory storage device.

73. A medium according to claim 71 wherein, an identifier of the remote system is stored within the security device.

74. A medium according to claim 71 wherein, exchanging the security data comprises exchanging the security data at least in dependence upon an authorization process for authorizing at least one of the security device to the remote system and the remote system by the security device.

75. A medium according to claim 74 wherein, the authorization process comprises at least one of generating a one time password, receiving a code from the first remote system and generating a one time password in dependence upon the code, providing a user authentication to the removable security device, and providing user identification data and user authorization data from the removable security device to the first remote system.

76. A medium according to claim 74 wherein, the authorization process comprises providing authorization data from the security device to the remote server system, the authorization data stored within the security device in a secure fashion and transmitted therefrom in an obfuscated fashion for preventing deciphering thereof.

77. A method of determining access privileges to at least one of data and processes within a security device comprising a peripheral storage device, the method comprising: communicating with a remote system; exchanging security data between the peripheral storage device; and in dependence upon the security data exchanged, determining access privileges to at least one of data and processes within the security device.

78. The method of claim 77, further comprising identifying the peripheral storage device by a host.

79. The method of claim 78, further comprising retrieving an identity of the remote system from the peripheral storage device.

80. The method of claim 79, wherein the identity is stored in secure form on the peripheral storage device and hidden from normal access.

81. The method of claim 79, where communicating with the remote system comprises accessing the remote system through the host, based on the identity retrieved from the peripheral storage device.

82. The method of claim 80, wherein exchanging security data comprises downloading security data from the remote system for validation by the peripheral storage device.

83. The method of claim 81, further comprising activating the peripheral storage device based on the validation.

84. The method of claim 81, further comprising granting the access rights by transmitting user rights to activate the remote system based on the validation.